Why Physical Unclonable Functions Beat Factory Key Injection
An examination of PUF entropy sources in custom silicon and why they eliminate the factory provisioning attack surface entirely.
Deep technical articles on HSM design, confidential compute architecture, PUF entropy sources, and cryptographic hardware — written by the engineers at Bastionchip.
A practical architecture guide for cloud and embedded teams deciding between TEE-in-SoC and discrete HSM silicon for key custody.
How hardware attestation tokens chain from silicon die through hypervisor to running workload — and why each link matters.
A walk through the FIPS 140-3 Level 3 requirements relevant to custom security silicon — physical security, software security, and the CMVP submission process.
Design considerations for active metal tamper meshes: material choice, mesh density, response time, and false-positive rate management.
Looking at the hardware requirements for confidential VMs beyond the TEE spec — attestation, memory encryption, and side-channel isolation.
Layout, power sequencing, and interface design notes for integrating the Bastionchip HSM die on a host PCB.
How to design silicon that supports algorithm migration — and why Kyber-768 in hardware is only half the story.